r 



Attorney Docket No.: 01 0327-0082 10US 
Client Reference No.: 30 

PATENT APPLICATION 

METHOD AND SYSTEM FOR PROVIDING REGISTRATION-BASED 

SIP NAT TRAVERSAL 

Inventor(s): Terry Hardie, a citizen of New Zealand, residing at 
228 Appian Way 
Union City, CA 94587 

Troy Pummill, a citizen of United States, residing at 
2900 Maplethorpe Lane 
Soquel, CA 95073 



Assignee: Network Equipment Technologies, Inc. 
6900 Paseo Padre Parkway 
Fremont, CA 94555 



Entity: Large Business Concern 



TOWNSEND and TOWNS END and CREW LLP 
Two Embarcadero Center, Eighth Floor 
San Francisco, California 941 1 1-3834 
Tel: 415-576-0200 



PATENT 



Attorney Docket No.: 01 0327-0082 10US 
Client Reference No.: 30 

METHOD AND SYSTEM FOR PROVIDING REGISTRATION-BASED 

SIP NAT TRAVERSAL 

CROSS-REFERENCES TO RELATED APPLICATION(S) 
5 [0001] The present application claims the benefit of priority under 35 U.S.C. § 1 19 

from U.S. Provisional Patent Application Serial No. 60/458,549, entitled "REGISTRATION- 
BASED SIP NAT TRAVERSAL" filed on March 26, 2003, the disclosure of which is hereby 
incorporated by reference in its entirety for all purposes. 

1 0 BACKGROUND OF THE INVENTION 

[0002] The present invention generally relates to network communications and, more 

specifically, to a method and system for facilitating communications between devices where 
a network access translation device is used. 

[0003] Fully functional telephony relies on the ability for any party to call any other 

15 party. NAT (Network Access Translation) devices represent a significant barrier to SIP 

(Session Initiation Protocol) calls. This is because NAT devices prevent SIP clients outside 
the NAT'S domain (NAT-exterior) from calling or reaching a client located within the 
NAT'S domain (NAT-interior). For clarification, a NAT device can be viewed as a dividing 
point between two networks. Devices behind the NAT device are protected from the devices 
20 installed on the network beyond, or outside, the NAT device. Devices connected behind the 
NAT device are on the interior network, hence they are NAT-interior devices. Those devices 
not connected behind the NAT device are on the exterior network, hence they are NAT- 
exterior devices. 

[0004] By its nature, NAT devices block inbound communication streams, unless a 

25 NAT-interior client initiates the communication session. With a NAT device installed, it is 
practically impossible for a NAT-exterior device to originate a call to a NAT-interior device. 

[0005] There are several methods presently posed by the industry in response to the 

foregoing issue including, for example, virtual private networks, STUN servers, SEP-aware 
NAT devices and proprietary client software/server. All of these solutions, though 
30 functional, are complex and require additional, dedicated hardware and/or proprietary 



software. The proprietary nature of these arrangements, however, hinder their usefulness, 
because clients are unable to communicate with other servers that do not employ their 
proprietary protocols. It may be possible for an enterprise (company) to install these types of 
solutions for their employees. However, these solutions hardly address the goal of ubiquitous 
5 communications via SIP. 

[0006] Hence, it would be desirable to provide a system that is capable of resolving 

the foregoing problem, as well as others, including facilitating improved communications 
between devices where a NAT device is involved. 

1 0 BRIEF SUMMARY OF THE INVENTION 

[0007] A system for providing network access translation device traversal to facilitate 

communications is provided. In one embodiment, the system includes a network access 
translation (NAT) device, a first Session Initiation Protocol (SIP) client located on the interior 
of the NAT device, a second SIP client located on the exterior of the NAT device, and a 

15 proxy server configured to maintain registration information relating to the first SIP client 

and the NAT device. The proxy server is further configured to allow the second SIP client to 
initiate contact with the first SEP client and establish a communication session using the 
registration information. The communication session is established by traversing the NAT 
device. 

20 [0008] The registration information is periodically provided to the proxy server based 

on a condition including startup of the first SIP client. The registration information includes 
an Internet Protocol (LP) address abstraction, NAT-translated EP address and port information. 
The registration information includes information supplied by the first SIP client and the 
NAT device respectively. 

25 [00091 Upon the first SIP client forwarding its portion of the registration information 

to the proxy server via the NAT device, the NAT device creates a binding for the first SIP 
client. The binding and the registration information are used to allow the second SIP client to 
initiate contact and establish the communication session with the first SIP client by traversing 
the proxy server and the NAT device. 

30 [0010] When the second SEP client wishes to initiate contact with the first SEP client, 

the second SEP client forwards a SEP INVITE command to the proxy server. Upon receiving 
the SIP INVITE command, the proxy server uses the registration information to identify the 
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NAT device and forwards the SIP INVITE command to the NAT device. Upon the NAT 
device receiving the SIP INVITE command, the NAT device uses the binding to forward the 
SEP INVITE command to the first SEP client. Upon the first SIP client accepting the SIP 
INVITE command, SEP signaling between the first SIP client and the second SIP client can 
5 be conducted through the NAT device, the ports being identified by the response that the 
second SEP client receives from the first SIP client. 

[0011] In one implementation, the proxy server is part of a telephone gateway. 

[0012] Reference to the remaining portions of the specification, including the 

drawings and claims, will realize other features and advantages of the present invention. 
10 Further features and advantages of the present invention, as well as the structure and 

operation of various embodiments of the present invention, are described in detail below with 
respect to accompanying drawings, like reference numbers indicate identical or functionally 
similar elements. 

1 5 BRIEF DESCRIPTION OF THE DRAWINGS 

[0013] FIG. 1 is a simplified block diagram showing an illustrative configuration of a 

system according to an embodiment of the present invention. 

DETAILED DESCRIPTION OF THE INVENTION 
20 [0014] The present invention in the form of one or more exemplary embodiments will 

now be described. FIG. 1 is a simplified block diagram showing an illustrative configuration 
of a system according to an embodiment of the present invention. As shown in FIG. 1, the 
system 100 includes a SIP client (NAT-interior) 102, a private computer network 104, a 
network translation access (NAT) device 106, a public computer network 108, a proxy server 
25 1 10, a public switched telephone network 1 12 and a SIP client (NAT-exterior) 1 14. 

[0015] In one exemplary aspect, the system 100 facilitates communications between 

the SIP client 102 located in the NAT-interior with the SIP client 114 located in the NAT- 
exterior as follows. First, the NAT-interior SIP client 102 communicates with the proxy 
server 1 10 via the private computer network 104 and the NAT device 106 to provide certain 
30 information to the proxy server 1 10 for registration purposes. The registration information 
can be provided to the proxy server 1 10 in a number of ways. For example, the NAT-interior 
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SIP client 102 can be configured to register its relevant information with the proxy server 1 10 
upon startup or other designated condition(s). 

[0016] The registration information belonging to the NAT-interior SIP client 102 is 

then recorded and maintained by the proxy server 1 10 and, as will be further described 
5 below, used to establish communications with the NAT-interior SIP client 102. The 

registration information provided by the NAT-interior SEP client 102 includes, for example, 
the client name and the source Internet Protocol (IP) address abstraction. 

[0017] In addition, the proxy server 110 also captures and records relevant 

information relating to the NAT device 106. Such information includes, for example, the 
10 NAT-translated IP address and port information relating to the port on the NAT device 106 
that was used to send the registration information to the proxy server 1 10. This information 
is added as part of the registration information for NAT-interior SIP client 102. In one 
implementation, the registration information is stored in a memory device in the form of a 
lookup table on the proxy server 1 10. 

1 5 [0018] The private computer network 104 can be any computer network employed by 

an enterprise (company) to provide network communications. The NAT device 106 can be 
any device that is capable of handling network access translation and is commonly known in 
the industry. The proxy server 1 10 is located outside of the NAT device 106 relative to the 
NAT-interior SIP client 102. 

20 [0019] When the NAT-interior SIP client 102 registers with the proxy server 1 10 via 

the NAT device 106, a binding, 106i, is created in the NAT device 106. The binding 
provides a path or link for the proxy server 1 10 to subsequently reach the NAT-interior SIP 
client 102 via the NAT device 106. 

[0020] The proxy server 110, and the registration information for the NAT-interior 

25 SIP client 102 maintained thereon, can be used to establish communications between the 
NAT-interior SIP client 102 and the NAT-exterior SIP client 1 14. When the NAT-exterior 
SEP client 1 14 wishes to call the NAT-interior SIP client 102, the NAT-exterior SIP client 
1 14 first sends a command, such as a SIP INVITE command, and other identification 
information to the proxy server 1 10. Other identification information includes, for example, 
30 information identifying the NAT-interior SIP client 102. The proxy server 110 then looks up 
the registration information belonging to the NAT-interior SIP client 102, including the 
corresponding NAT-translated IP address and port information. Using the registration 
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information, the proxy server 110 then forwards the SIP INVITE command to the NAT 
device 106 on the IP address and port identified in the registration information. By sending 
the SIP INVITE command on the registration-derived address/port, rather than the well- 
known SIP signaling port (5060), the proxy server 110 ensures that the SIP INVITE 
5 command will traverse the NAT device 106 using the binding I06i. 

[0021] As mentioned above, a binding 106i for the NAT-interior SIP client 102 is 

created when the NAT-interior SEP client 102 communicates with the proxy server 1 10 via 
the NAT device 106 for registration purposes. Since the NAT device 106 is already bound 
for that (NAT-interior) source IP address and port number, the NAT device 106 is then able 
10 to forward the SIP INVITE command to the intended NAT-interior SIP client 102 from the 
SIP proxy server 110. 

[0022] Upon receiving the SIP INVITE command, the NAT-interior SIP client 102 

establishes communications with the NAT-exterior SIP client 1 14, creating a new binding 
106ii in the NAT device 106. The remaining SIP signaling between the NAT-interior SIP 
1 5 client 102 and the NAT-exterior SIP client 1 14 is then conducted via that port. 

[0023] In order to prevent the binding 106i in the NAT device 106 from expiring, the 

NAT-interior SIP client 102 periodically communicates with the proxy server 1 10 via the 
NAT device 106 to supply the registration information. Or viewed another way, the NAT- 
interior SIP client 102 periodically registers with proxy server 110 thereby maintaining a 

20 valid binding in the NAT device 106. As a result, the NAT-interior SIP client 102 always 
maintains a valid binding in the NAT device 106, thereby allowing any NAT-exterior SIP 
client 1 14 to initiate communications with the NAT-interior SIP client 102 via the proxy 
server 110. The periodic registration can be achieved for example, as described above, by 
configuring the NAT-interior SIP client 102 to register with the proxy server 1 10 upon 

25 startup or other designated condition(s). 

[0024] Referring to FIG. 1, the operations of the system 100 is further illustrated with 

the following example. Registration information associated with the NAT-interior SIP client 
102 is shown as information 102i including its IP address (192.168.1.10), IP address 
abstraction (user@net.com) and port information (5060). Information for the binding created 
30 when the NAT-interior SIP client 102 registers with the proxy server 1 10 is shown as 

information 106i. In this example, the binding information 106i shows that the private IP 
address and port (192.168.1.10:5060) is associated with public IP address and port 
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(134.56.1.1:5070) and final destination IP address and port (134.56.3.1:5060). Port (5060) is 
used to transmit traffic to and from the NAT-interior SIP client 102 and port (5070) is used to 
transmit traffic to and from the SIP proxy server 1 10. 

[0025] For registration, the NAT-interior SIP client 102 forwards a registration 

5 request (having registration information described above) to the NAT device 106 which, in 
turn, forwards the registration request to the proxy server 1 10 in a registration packet. The 
proxy server 110 compares the IP address contained within the registration request with the 
source IP address for the (registration) packet (the source IP address of the registration packet 
is the NAT device's 106 IP address). If they do not match, the proxy server 1 10 can infer 
10 that the client is probably behind a NAT device 106. In such circumstances, any SIP message 
from the SIP proxy server 1 10 to the NAT-interior SIP client 102 should be forwarded to the 
NAT device's IP address , and not the IP address and port contained within the registration 
request. 

[0026) Upon registration, the proxy server 110 records the registration information 

15 relating to the NAT-interior SIP client 102 shown as information 1 lOi including the IP 
address abstraction (user@net.com), the NAT-translated IP address (134.56.1.1) and port 
information (5070). Note, that the NAT-translated IP address comes from the registration 
packet itself, and the IP address and port inside the registration request (192.168.1.10:5060) 
are discarded. 

20 [0027] When the NAT-exterior SIP client 1 14 wishes to establish a communication 

session with the NAT-interior SIP client 102, the NAT-exterior SIP client 1 14 sends a SIP 
INVITE command to the proxy server 1 10. The SIP INVITE command includes, for 
example, the IP address abstraction (user@net.com) that corresponds to the NAT-interior SIP 
client 102. Using information from the SIP INVITE command, such as the IP address 

25 abstraction, the proxy server 110 locates the relevant registration information 1 lOi for the 

NAT-interior SIP client 102. The relevant registration information 1 lOi including the NAT- 
translated IP address (134.56.1.1) and port information (5070) is then used to contact the 
NAT-interior SIP client 102. The NAT-translated IP address (134.56.1.1) identifies the 
appropriate NAT device 106 and the port information (5070) identifies the appropriate port 

30 on the NAT device 106 that can be used to establish contact with the NAT-interior SEP client 
102. The proxy server 1 10 then forwards the SEP INVITE command to the NAT device 106 
via port (5070) based on the relevant registration information 1 lOi. 
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[0028] The NAT device 106 subsequently retrieves the corresponding binding 

information 106i. Using the binding information 106i, the NAT device 106 identifies the port 
(5060) that is registered to the NAT-interior SIP client 102 and forwards the SEP rNVITE 
command to the NAT-interior SEP client 102. 

5 [0029] Once the NAT-interior SIP client 102 has processed and accepted the SEP 

INVITE command, SEP signaling between the NAT-interior SEP client 102 and the NAT- 
exterior SIP client 114 can be initiated, creating a new binding 106ii in the NAT device 106. 

[0030] Subsequent communications between the NAT-interior SEP client 102 and the 

NAT-exterior SIP client 114 can be achieved through the NAT device 106 using the newly 
10 created binding 106ii. 

[0031] In an exemplary implementation, the present invention is implemented using 

software in the form of control logic, in either an integrated or a modular manner. 
Alternatively, hardware or a combination of software and hardware can also be used to 
implement the present invention. Based on the disclosure and teachings provided herein, a 
15 person of ordinary skill in the art will know of other ways and/or methods to implement the 
present invention. 

[0032] In an exemplary implementation, the present invention is implemented as part 

of a telephone gateway. Based on the disclosure and teachings provided herein, a person of 
ordinary skill in the art will know of other ways and/or methods to deploy the present 
20 invention. 

[0033] Based on the disclosure and teachings provided herein, it should also be clear 

to a person of ordinary skill in the art that the present invention requires neither proprietary 
clients, nor dedicated, specialized servers. The present invention builds upon current industry 
standards. Fully functional communication is possible with small architectural changes 
25 within client devices that are commonly available in the industry and such changes do not 
affect the client device's compliance with SEP standards. Such client devices coupled with 
the proxy server as described above provide seamless Internet telephony services regardless 
of NAT installations. 

[0034] It is understood that the examples and embodiments described herein are for 

30 illustrative purposes only and that various modifications or changes in light thereof will be 
suggested to persons skilled in the art and are to be included within the spirit and purview of 
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this application and scope of the appended claims. All publications, patents, and patent 
applications cited herein are hereby incorporated by reference for all purposes in their 
entirety. 
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